Interesting lead on international fraud
I've seen a lot of my fraud calls start with numbers on this website and then move to other ones. http://www.world-premium-telecom.com/index.php?type=static_page&page=about I think these people are the genesis of a whole lot of international fraud. Thoughts? Ideas? -Paul
Do others get contacted about arbitrage deals? I got a call last year about our UK personal number Ofcom allocations and politely told them it is illegal on all contracts we've signed. Artificial traffic inflation is nasty. I'm sure that's what they are doing? Thanks. On 11 May 2013 16:18, "Paul Timmins" <paul at timmins.net> wrote:
I've seen a lot of my fraud calls start with numbers on this website and then move to other ones.
http://www.world-premium-telecom.com/index.php?type=static_page&page=about
I think these people are the genesis of a whole lot of international fraud.
Thoughts? Ideas?
-Paul _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
We had something similar where a site had a huge list of numbers and they would offer people rewards or credits toward a reward if they called them. Some of the fraud calls from our switch were destined to those numbers. So definitely some arbitrage scam. Shripal On May 11, 2013, at 11:17 AM, Paul Timmins <paul at timmins.net> wrote:
I've seen a lot of my fraud calls start with numbers on this website and then move to other ones.
http://www.world-premium-telecom.com/index.php?type=static_page&page=about
I think these people are the genesis of a whole lot of international fraud.
Thoughts? Ideas?
-Paul _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Do you recall the name of the site that advertised numbers?
From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Shripal Daphtary Sent: Saturday, May 11, 2013 2:28 PM To: Paul Timmins Cc: voiceops at voiceops.org Subject: Re: [VoiceOps] Interesting lead on international fraud
We had something similar where a site had a huge list of numbers and they would offer people rewards or credits toward a reward if they called them.
Some of the fraud calls from our switch were destined to those numbers.
So definitely some arbitrage scam.
On May 11, 2013, at 11:17 AM, Paul Timmins <paul at timmins.net> wrote:
I've seen a lot of my fraud calls start with numbers on this website and then move to other ones.
http://www.world-premium-telecom.com/index.php?type=static_page&page=about
I think these people are the genesis of a whole lot of international
fraud.
Thoughts? Ideas?
-Paul _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Not with me but I'll look tomorrow. Shri Shripal On May 11, 2013, at 4:46 PM, "Jim Dalton" <jim.dalton at transnexus.com> wrote:
Do you recall the name of the site that advertised numbers?
From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Shripal Daphtary Sent: Saturday, May 11, 2013 2:28 PM To: Paul Timmins Cc: voiceops at voiceops.org Subject: Re: [VoiceOps] Interesting lead on international fraud
We had something similar where a site had a huge list of numbers and they would offer people rewards or credits toward a reward if they called them.
Some of the fraud calls from our switch were destined to those numbers.
So definitely some arbitrage scam.
On May 11, 2013, at 11:17 AM, Paul Timmins <paul at timmins.net> wrote:
I've seen a lot of my fraud calls start with numbers on this website and then move to other ones. http://www.world-premium-telecom.com/index.php?type=static_page&page=about
I think these people are the genesis of a whole lot of international fraud.
Thoughts? Ideas?
-Paul _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
this was one of them, http://www.dial2win.com/ - this is the reward site. the other was http://bluechip-telecom.com/, which throws as 403 when you go to it, which is good i guess. but i think they are the same as bctelecomm.com - which is listed now as a malware site by google... On Sat, May 11, 2013 at 4:46 PM, Jim Dalton <jim.dalton at transnexus.com>wrote:
Do you recall the name of the site that advertised numbers?
From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Shripal Daphtary Sent: Saturday, May 11, 2013 2:28 PM To: Paul Timmins Cc: voiceops at voiceops.org Subject: Re: [VoiceOps] Interesting lead on international fraud
We had something similar where a site had a huge list of numbers and they would offer people rewards or credits toward a reward if they called them.
Some of the fraud calls from our switch were destined to those numbers.
So definitely some arbitrage scam.
On May 11, 2013, at 11:17 AM, Paul Timmins <paul at timmins.net> wrote:
I've seen a lot of my fraud calls start with numbers on this website and then move to other ones.
http://www.world-premium-telecom.com/index.php?type=static_page&page=about
I think these people are the genesis of a whole lot of international
fraud.
Thoughts? Ideas?
-Paul _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
;^) Regards, Carlos From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Shripal Daphtary Sent: Monday, May 13, 2013 10:07 AM To: jim.dalton at transnexus.com; VoiceOps at voiceops.org Subject: Re: [VoiceOps] Interesting lead on international fraud this was one of them, http://www.dial2win.com/ - this is the reward site. the other was http://bluechip-telecom.com/, which throws as 403 when you go to it, which is good i guess. but i think they are the same as bctelecomm.com<http://bctelecomm.com> - which is listed now as a malware site by google... On Sat, May 11, 2013 at 4:46 PM, Jim Dalton <jim.dalton at transnexus.com<mailto:jim.dalton at transnexus.com>> wrote: Do you recall the name of the site that advertised numbers?
From: VoiceOps [mailto:voiceops-bounces at voiceops.org<mailto:voiceops-bounces at voiceops.org>] On Behalf Of Shripal Daphtary Sent: Saturday, May 11, 2013 2:28 PM To: Paul Timmins Cc: voiceops at voiceops.org<mailto:voiceops at voiceops.org> Subject: Re: [VoiceOps] Interesting lead on international fraud
We had something similar where a site had a huge list of numbers and they would offer people rewards or credits toward a reward if they called them.
Some of the fraud calls from our switch were destined to those numbers.
So definitely some arbitrage scam.
On May 11, 2013, at 11:17 AM, Paul Timmins <paul at timmins.net<mailto:paul at timmins.net>> wrote:
I've seen a lot of my fraud calls start with numbers on this website and then move to other ones.
http://www.world-premium-telecom.com/index.php?type=static_page&page=about
I think these people are the genesis of a whole lot of international
fraud.
Thoughts? Ideas?
-Paul _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org<mailto:VoiceOps at voiceops.org> https://puck.nether.net/mailman/listinfo/voiceops
A while back, when I started streaming to Twitter (https://twitter.com/efensive) I had wanted to post the numbers being dialed by fraudsters so that others would be able to see these numbers and block them. Difficult to get a list of numbers called, in fact, I would hope that no one would have a number to add, as that would mean one was compromised. However, if anyone wants to share #'s being dialed fraudulently, I will add them to the Twitter stream and perhaps make an all inclusive list freely available. I added a few here and there, but I have also taken a lot of proactive steps to reduce fraud. (Hello Jim and others at Transnexus ;)) This is what I (we were I work) have done. I parse the logs on my SBCs on an hourly basis. The log parsing does two distinct things, 1) tallies the volume of calls, and two dissects which calls are going to high rated areas. STEP 1) Download SBC logs Perform a count against client trunks Compare that count against a 90 day baseline Report anomalies This allows me to see when a trunk is generating a lot of calls. Period STEP 2) Parse through SBC logs Parse out DESTINATION (country code area code) Check DESTINATIONS against a rate deck where price exceeds N amount per minute (I have this set to about .21 (USD) per minute. Report which trunk is making that call. The reporting is automated and if anomalies are detected, emails are sent and ALSO a call is generated to a group so that we will know ASAP that something has happened. We use Transnexus in ONE of our facilities, but have legacy Netrakes in another. So we had to improvise. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM "Where ignorance is our master, there is no possibility of real peace" - Dalai Lama 42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
J, Is there an easy way to get the data from the twitter feed in a list format? This is great info. Thanks On Mon, May 13, 2013 at 12:57 PM, J. Oquendo <joquendo at e-fensive.net> wrote:
A while back, when I started streaming to Twitter (https://twitter.com/efensive) I had wanted to post the numbers being dialed by fraudsters so that others would be able to see these numbers and block them. Difficult to get a list of numbers called, in fact, I would hope that no one would have a number to add, as that would mean one was compromised. However, if anyone wants to share #'s being dialed fraudulently, I will add them to the Twitter stream and perhaps make an all inclusive list freely available.
I added a few here and there, but I have also taken a lot of proactive steps to reduce fraud. (Hello Jim and others at Transnexus ;)) This is what I (we were I work) have done.
I parse the logs on my SBCs on an hourly basis. The log parsing does two distinct things, 1) tallies the volume of calls, and two dissects which calls are going to high rated areas.
STEP 1) Download SBC logs Perform a count against client trunks Compare that count against a 90 day baseline Report anomalies
This allows me to see when a trunk is generating a lot of calls. Period
STEP 2) Parse through SBC logs Parse out DESTINATION (country code area code) Check DESTINATIONS against a rate deck where price exceeds N amount per minute (I have this set to about .21 (USD) per minute. Report which trunk is making that call. The reporting is automated and if anomalies are detected, emails are sent and ALSO a call is generated to a group so that we will know ASAP that something has happened.
We use Transnexus in ONE of our facilities, but have legacy Netrakes in another. So we had to improvise.
-- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
"Where ignorance is our master, there is no possibility of real peace" - Dalai Lama
42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Hi folks, Useful feed that J. We publish similar in text file format: http://mirror.simwood.com/honeypot Simon On 14 May 2013 20:07, PE <peeip989 at gmail.com> wrote:
J,
Is there an easy way to get the data from the twitter feed in a list format? This is great info. Thanks
On Mon, May 13, 2013 at 12:57 PM, J. Oquendo <joquendo at e-fensive.net>wrote:
A while back, when I started streaming to Twitter (https://twitter.com/efensive) I had wanted to post the numbers being dialed by fraudsters so that others would be able to see these numbers and block them. Difficult to get a list of numbers called, in fact, I would hope that no one would have a number to add, as that would mean one was compromised. However, if anyone wants to share #'s being dialed fraudulently, I will add them to the Twitter stream and perhaps make an all inclusive list freely available.
I added a few here and there, but I have also taken a lot of proactive steps to reduce fraud. (Hello Jim and others at Transnexus ;)) This is what I (we were I work) have done.
I parse the logs on my SBCs on an hourly basis. The log parsing does two distinct things, 1) tallies the volume of calls, and two dissects which calls are going to high rated areas.
STEP 1) Download SBC logs Perform a count against client trunks Compare that count against a 90 day baseline Report anomalies
This allows me to see when a trunk is generating a lot of calls. Period
STEP 2) Parse through SBC logs Parse out DESTINATION (country code area code) Check DESTINATIONS against a rate deck where price exceeds N amount per minute (I have this set to about .21 (USD) per minute. Report which trunk is making that call. The reporting is automated and if anomalies are detected, emails are sent and ALSO a call is generated to a group so that we will know ASAP that something has happened.
We use Transnexus in ONE of our facilities, but have legacy Netrakes in another. So we had to improvise.
-- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
"Where ignorance is our master, there is no possibility of real peace" - Dalai Lama
42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
-- ***** Email confidentiality notice ***** This message is private and confidential. If you have received this message in error, please notify us and remove it from your system. Simwood eSMS Limited is a limited company registered in England and Wales. Registered number: 03379831. Registered office: c/o HW Chartered Accountants, Keepers Lane, The Wergs, Wolverhampton, WV6 8UA. Trading address: Falcon Drive, Cardiff Bay, Cardiff, CF10 4RU.
I am adding this to my fraud system and will keep an eye on it. Should be fairly trivial to see if fraud patterns spider out from these numbers as a result. -Ryan On 05/11/2013 08:17 AM, Paul Timmins wrote:
I've seen a lot of my fraud calls start with numbers on this website and then move to other ones.
http://www.world-premium-telecom.com/index.php?type=static_page&page=about
I think these people are the genesis of a whole lot of international fraud.
Thoughts? Ideas?
-Paul _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
participants (9)
-
Carlos.Alvarez@pressone.net -
ghenry@suretec.co.uk -
jim.dalton@transnexus.com -
joquendo@e-fensive.net -
paul@timmins.net -
peeip989@gmail.com -
ryandelgrosso@gmail.com -
shripald@gmail.com -
simon.woodhead@simwood.com